DOM-based Cross-Site Scripting Vulnerability in GroupOffice by Intermesh
CVE-2025-48368
5.8 MEDIUM
What is CVE-2025-48368?
GroupOffice, a widely used enterprise customer relationship management and groupware tool, contains a DOM-based Cross-Site Scripting vulnerability in versions prior to 6.8.119 and 25.0.20. The issue lets attackers execute arbitrary JavaScript code within the victim's browser context. By injecting crafted payloads into specific parameters that are processed unsafely in the Document Object Model (DOM), attackers can potentially hijack user sessions, deface applications, or redirect users to malicious websites. Versions 6.8.119 and 25.0.20 address this vulnerability.
Affected Version(s)
groupoffice < 6.8.119
groupoffice < 25.0.20
